Move extraction of encryption and rotation options to separate functions

cmd/sops/edit.go

@@ -32,13 +32,7 @@ type editOpts struct {
 
 type editExampleOpts struct {
 	editOpts
-	UnencryptedSuffix string
-	EncryptedSuffix   string
-	UnencryptedRegex  string
-	EncryptedRegex    string
-	MACOnlyEncrypted  bool
-	KeyGroups         []sops.KeyGroup
-	GroupThreshold    int
+	encryptConfig
 }
 
 type runEditorUntilOkOpts struct {
@@ -61,16 +55,7 @@ func editExample(opts editExampleOpts) ([]byte, error) {
 	}
 	tree := sops.Tree{
 		Branches: branches,
-		Metadata: sops.Metadata{
-			KeyGroups:         opts.KeyGroups,
-			UnencryptedSuffix: opts.UnencryptedSuffix,
-			EncryptedSuffix:   opts.EncryptedSuffix,
-			UnencryptedRegex:  opts.UnencryptedRegex,
-			EncryptedRegex:    opts.EncryptedRegex,
-			MACOnlyEncrypted:  opts.MACOnlyEncrypted,
-			Version:           version.Version,
-			ShamirThreshold:   opts.GroupThreshold,
-		},
+		Metadata: metadataFromEncryptionConfig(opts.encryptConfig),
 		FilePath: path,
 	}
 

cmd/sops/encrypt.go

@@ -14,12 +14,7 @@ import (
 	"github.com/mitchellh/go-wordwrap"
 )
 
-type encryptOpts struct {
-	Cipher            sops.Cipher
-	InputStore        sops.Store
-	OutputStore       sops.Store
-	InputPath         string
-	KeyServices       []keyservice.KeyServiceClient
+type encryptConfig struct {
 	UnencryptedSuffix string
 	EncryptedSuffix   string
 	UnencryptedRegex  string
@@ -29,6 +24,15 @@ type encryptOpts struct {
 	GroupThreshold    int
 }
 
+type encryptOpts struct {
+	Cipher      sops.Cipher
+	InputStore  sops.Store
+	OutputStore sops.Store
+	InputPath   string
+	KeyServices []keyservice.KeyServiceClient
+	encryptConfig
+}
+
 type fileAlreadyEncryptedError struct{}
 
 func (err *fileAlreadyEncryptedError) Error() string {
@@ -55,6 +59,19 @@ func ensureNoMetadata(opts encryptOpts, branch sops.TreeBranch) error {
 	return nil
 }
 
+func metadataFromEncryptionConfig(config encryptConfig) sops.Metadata {
+	return sops.Metadata{
+		KeyGroups:         config.KeyGroups,
+		UnencryptedSuffix: config.UnencryptedSuffix,
+		EncryptedSuffix:   config.EncryptedSuffix,
+		UnencryptedRegex:  config.UnencryptedRegex,
+		EncryptedRegex:    config.EncryptedRegex,
+		MACOnlyEncrypted:  config.MACOnlyEncrypted,
+		Version:           version.Version,
+		ShamirThreshold:   config.GroupThreshold,
+	}
+}
+
 func encrypt(opts encryptOpts) (encryptedFile []byte, err error) {
 	// Load the file
 	fileBytes, err := os.ReadFile(opts.InputPath)
@@ -77,16 +94,7 @@ func encrypt(opts encryptOpts) (encryptedFile []byte, err error) {
 	}
 	tree := sops.Tree{
 		Branches: branches,
-		Metadata: sops.Metadata{
-			KeyGroups:         opts.KeyGroups,
-			UnencryptedSuffix: opts.UnencryptedSuffix,
-			EncryptedSuffix:   opts.EncryptedSuffix,
-			UnencryptedRegex:  opts.UnencryptedRegex,
-			EncryptedRegex:    opts.EncryptedRegex,
-			MACOnlyEncrypted:  opts.MACOnlyEncrypted,
-			Version:           version.Version,
-			ShamirThreshold:   opts.GroupThreshold,
-		},
+		Metadata: metadataFromEncryptionConfig(opts.encryptConfig),
 		FilePath: path,
 	}
 	dataKey, errs := tree.GenerateDataKeyWithKeyServices(opts.KeyServices)